Why QA Must Always Approve Deviation Closures in GMP Systems
Introduction to the Audit Finding
1. Issue Overview
Deviations being closed without review or approval by the Quality Assurance (QA) department is a critical GMP failure that compromises product quality and compliance oversight.
2. Context in Industry
This gap typically arises when manufacturing or engineering teams complete deviation forms and finalize records without QA verification.
3. Compliance Impact
- Violation of basic GMP control principles
- Breakdown in the quality management system
- Increased risk of batch release with unresolved issues
4. Example Case
During a USFDA inspection, a site received a 483 observation for deviation forms closed by production staff without QA signature.
5. Regulatory Concern
Such practices undermine QA authority and compromise data integrity — violating principles outlined in GMP documentation requirements.
Regulatory Expectations and Inspection Observations
1. 21 CFR 211.22(a)
Clearly states that QA has the authority and responsibility to review and approve all procedures impacting product quality.
2. EU GMP Annex 1 & Chapter 1
Require QA involvement in deviation investigation, review, and closure as part of the Pharmaceutical Quality System (PQS).
3. MHRA Expectations
QA must ensure deviation closure aligns with CAPA, risk assessments, and change control, where applicable.
4. Real Audit Findings
- FDA:
5. Quality System Breakdown
Absence of QA sign-off leads to lack of standardization, missed criticality assessment, and potential for repeat deviations.
Root Causes of QA Approval Omissions
1. Flawed SOP Workflow
SOPs may not explicitly mandate QA approval in the deviation lifecycle.
2. Decentralized Deviation Handling
When deviations are managed locally by departments, QA oversight becomes inconsistent.
3. Manual Forms and Lack of Control
Handwritten or Excel-based deviation forms are prone to bypassing QA checkpoints.
4. Staff Misunderstanding
Operators or department leads may incorrectly assume their approval is sufficient.
5. Pressure to Close Quickly
Deviation closure timelines may incentivize premature closure without full review.
Prevention of Deviation Closure Without QA Approval
1. Define QA Role in SOP
Ensure deviation SOP clearly mandates QA review and final approval as a non-negotiable step.
2. Establish Workflow Controls
Use electronic QMS systems that restrict closure actions unless QA approval fields are completed.
3. Train All Stakeholders
Train staff on deviation lifecycle, emphasizing QA’s mandatory sign-off and regulatory basis.
4. Monitor for Violations
QA should review deviation logs monthly to identify any instances of closure without approval.
5. Quality Metrics
- % of deviations closed without QA sign-off
- Time to QA closure review
- Repeat deviations post non-QA closure
6. Conduct Internal Audits
Audit deviation records across departments quarterly to ensure full QA participation.
Corrective and Preventive Actions (CAPA)
1. SOP Amendment
Revise deviation SOPs to include mandatory QA review steps with defined roles, timelines, and exception handling protocols.
2. Role-Based Access Control
Restrict deviation closure rights in systems to QA personnel only.
3. QA Closure Checklist
Implement a checklist for QA reviewers to ensure completeness before approval (e.g., root cause, CAPA, impact assessment).
4. Periodic QA Closure Audit
Monthly sampling of deviation records to verify adherence to closure protocol.
5. Regulatory Communication
If deviation closure gaps were previously identified, document actions taken in response and be ready to share during audits.
6. Stability System Linkage
For deviations impacting product quality, ensure QA cross-references stability studies before closure.
7. Escalation Triggers
Define automatic escalation to QA head if deviation is open >30 days or lacks QA action.